Cloud-native platform provides the foundation for SOC-as-a-Service

Cysiv has developed its own cloud-native, next-generation SIEM in response to the limitations, deployment challenges, and frustrations associated with traditional SIEMs.

Cysiv Command, the foundation for Cysiv’s threat monitoring, detection, hunting, investigation, and remediation services, is a modern security operations and analytics platform.

It combines a number of essential technologies and functions into a single platform, leveraging a broad range of advanced data science techniques to automate the time-consuming, complex but essential activities and processes for truly effective threat detection, hunting, investigation, and remediation.

Key Features

SIEM backed by Data Lake

Our SIEM can complement (or, for some customers, replace) an existing SIEM investment, providing the following core SIEM functionality:

  • Collects and normalizes events in real time from a broad range of security event log sources
  • Generates automated detections using a variety of analytic approaches
  • Provides historical analysis via search queries and time-based visualization

It’s backed by a massively scalable, purpose-built, indexed data lake, with tiered data storage (hot, warm, and cold) to better manage costs and support compliance requirements. Large customers get their own dedicated data lake.

Automated Threat Detection and Triage

Leverages a blend of signature-, behavior-, statistics- and algorithm-based (supervised and unsupervised machine learning) detection techniques to automatically identify potential threats with high confidence.

Cysiv aggregates logs into indicators, correlates them with integrated cyber intel, and then aggregates indicators into detections through its proprietary Indicator-Detection Engine. Security incidents are automatically prioritized based on the highest severity detections, focusing attention on the investigation of the most critical detections first, thus streamlining analyst workload.

Ingested logs are parsed, cleansed, normalized, enriched, and indexed. During enrichment, logs are attributed with IP address, Active Directory, and critical-asset data to provide important context during an investigation. Following indexing, Cysiv’s rules engine correlates logs against integrated cyber intel to trigger high-fidelity indicators and detections. Enriching logs in this way accelerates incident response times and increases analyst productivity.
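To make the log-to-indicator-to-detection flow described above concrete, here is an added illustrative example (not Cysiv’s code; the intel entries, asset inventory and log lines are all constructed) that normalizes two log formats into one schema, enriches each event with asset criticality, correlates targets against an IOC list to raise indicators, and aggregates those indicators per host into detections ordered by highest severity:

```python
# Added illustrative model (not Cysiv code) of the pipeline described above:
# normalize -> enrich -> correlate with intel -> aggregate -> prioritize.
# All intel, asset and log data below is constructed for the example.
from collections import defaultdict

INTEL = {  # constructed IOC -> (indicator name, base severity 1-10)
    "198.51.100.23": ("known_c2_address", 9),
    "bad-update.example": ("malware_distribution_domain", 7),
}
ASSETS = {"10.0.0.5": "critical", "10.0.0.9": "low"}  # host -> criticality, used for enrichment
RAW_LOGS = [  # constructed lines from two sources with different field layouts
    "fw src=10.0.0.5 dst=198.51.100.23 action=allow",
    "dns client=10.0.0.9 query=bad-update.example",
    "fw src=10.0.0.5 dst=203.0.113.7 action=allow",
]

def normalize(line):
    """Parse 'source k=v k=v ...' into a common {src, target} schema."""
    source, _, rest = line.partition(" ")
    f = dict(kv.split("=", 1) for kv in rest.split())
    if source == "fw":
        return {"src": f["src"], "target": f["dst"]}
    return {"src": f["client"], "target": f["query"]}

def enrich(event):
    """Attach asset context so later stages can weigh the affected host."""
    return {**event, "criticality": ASSETS.get(event["src"], "unknown")}

def correlate(event):
    """Emit an indicator when the target matches intel; escalate on critical assets."""
    hit = INTEL.get(event["target"])
    if hit is None:
        return None
    name, severity = hit
    if event["criticality"] == "critical":
        severity = min(10, severity + 1)
    return {"src": event["src"], "name": name, "severity": severity}

def detect(lines):
    """Aggregate indicators per host into detections, highest severity first."""
    by_host = defaultdict(list)
    for line in lines:
        ind = correlate(enrich(normalize(line)))
        if ind:
            by_host[ind["src"]].append(ind)
    detections = [{"src": h, "severity": max(i["severity"] for i in inds),
                   "indicators": sorted(i["name"] for i in inds)}
                  for h, inds in by_host.items()]
    return sorted(detections, key=lambda d: d["severity"], reverse=True)
```

Running `detect(RAW_LOGS)` places the critical host talking to the known C2 address first (severity escalated to 10), the lab host’s malware-domain lookup second, and drops the benign connection that matched no intel.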

User and Entity Behavior Analytics (UEBA)

Leverages machine learning methods to augment and enhance rule-based threat detection with user and entity behavior analytics. Baseline profiles and behaviors are built for users and hosts over time, and any activity that deviates from these baselines is flagged as suspicious.

Threat Intelligence Platform

Collects, classifies, corroborates, and scores large volumes of unstructured and highly related IOCs, resulting in all-source, finished intelligence that is integrated into the Cysiv platform. IOC sources include dozens of high-quality curated feeds from around the world, Cysiv-generated IOCs, and community-sourced IOCs from customers that have opted in to share them.

Incident Response

Provides workflow capabilities based on the NIST Incident Response Life Cycle, with tight integration, transparency, and seamless communication and collaboration during detection handling and incident management. Supports integrations with third-party case management and incident response platforms. Embedded runbooks guide and standardize incident investigation and response activities and also support customer-specific procedures.

Network Traffic Analysis

Analyzes flow records and network traffic metadata to build models of normal behavior, which are then used to detect abnormal north/south and east/west traffic patterns. Traffic analysis also supports investigations and improves the fidelity of user- and entity-based detections.

Compliance and Risk Reporting

Customizable, curated dashboards and reports provide essential information and visibility for a variety of personas in the security operations organization, including analysts/IR, engineers, executives, and compliance/risk managers. Reporting supports a variety of common compliance and regulatory frameworks.

Key Benefits

  • Faster detection and response
  • Detects previously unknown threats
  • Enables threat hunting and forensics
  • Monitors activity inside the network
  • Accelerates investigations
  • Improves operations and compliance

Discover the Cysiv advantage.

Cysiv’s own cloud-native platform provides the foundation for SOC-as-a-Service.